MDVSA-2011:103

Problem description

Multiple vulnerabilities was discovered and fixed in gimp:

Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in
GIMP 2.6.11 allows user-assisted remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a long Position field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4540).

Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP
2.6.11 allows user-assisted remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
long Number of lights field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4541).

Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11
allows user-assisted remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a long
Foreground field in a plugin configuration file. NOTE: it may be
uncommon to obtain a GIMP plugin configuration file from an untrusted
source that is separate from the distribution of the plugin itself
(CVE-2010-4542).

Heap-based buffer overflow in the read_channel_data function in
file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE
compression) image file that begins a long run count at the end of
the image (CVE-2010-4543, CVE-2011-1782).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490